<?php
$prd = $_POST['product_name'];
$prq = $_POST['product_qt'];
$count = 0;

$link = mysql_connect("10.250.12.102", "store_rw", "pcw2")
       or die("Il est impossible d'accéder en écriture à ce service ou la base demandée");

mysql_select_db('store') or die("Impossible de sélectionner la base de données");

$sql0 = "SELECT * FROM products WHERE name = '$prd'";
$result =  mysql_query($sql0) or die('Échec de la requête : ' . mysql_error());
$arr0 = mysql_fetch_array($result);

if ($arr0[0])
{

	$sql = "SELECT quantity FROM stocks WHERE product_id = (SELECT product_id FROM products WHERE name = '$prd');";
	$result =  mysql_query($sql) or die('Échec de la requête : ' . mysql_error());
	$arr = mysql_fetch_array($result);
	if ($arr[0] >= $prq)
	{
		$sql2 = "UPDATE stocks SET quantity=quantity-'$prq' WHERE product_id = (SELECT product_id FROM products WHERE name = '$prd');";
		$result = mysql_query($sql2) or die('Échec de la requête : ' . mysql_error());		
	}
	else
	{
		echo "Quantite trop elevee !";
		$count = 1;
	}

}
else
{
	echo "Le nom de produit specifie n'existe pas.";
	$count = 1;
}

mysql_free_result($result);
mysql_close($link);
if ($count == 0)
{
	header("location:admin.php"); 
}
?>